mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

4994 Commits

Author SHA1 Message Date
Andrew Bartlett
99f0659f67 r13253: More work to ensure that we don't keep data on long-term contexts.
Andrew Bartlett
(This used to be commit 35517573ff)
2007-10-10 13:51:38 -05:00
Andrew Bartlett
13c1f1b6f1 r13252: Cleanup, both in code, comments and talloc use:
In particular, I've used the --leak-report-full option to smbd to
track down memory that shouldn't be on a long-term context.  This is
now talloc_free()ed much earlier.

Andrew Bartlett
(This used to be commit c6eb74f429)
2007-10-10 13:51:38 -05:00
Andrew Bartlett
654a21178f r13207: Use the new API for using/not using kerberos in hdb-ldb.c
Update the rootdse module to use the new schema.

Andrew Bartlett
(This used to be commit b0b150d08a)
2007-10-10 13:51:34 -05:00
Andrew Bartlett
3b0b7cb723 r13150: Correct comment.
Andrew Bartlett
(This used to be commit c34666abc1)
2007-10-10 13:51:29 -05:00
Andrew Bartlett
7dad66d8e3 r12998: A big update to samldb.c
This updates the module to handle both SID allocation and nextRid
updating while importing users.  (As imported users already have a
SID, so don't go via the allocation step).  We also ensure that SIDs
in the database are unique at create time.

Furthermore, at allocation time, we double-check the SID isn't already
in use, and that we don't create a foreignSecurityPrincipal for a
'local' sid.

Also create random samAccountName entries for users without one (we
were setting $000000-000000000000).

We may want to separate the uniqueness code from the rest of samldb,
and into a module with the objectguid code, which needs similar
checks.  These checks also need to apply to modification, or those
modifications denied outright.

Also update part of the testsuite to validate this.

Andrew Bartlett
(This used to be commit 7a9c8eee4b)
2007-10-10 13:51:15 -05:00
Andrew Bartlett
1cb9484a42 r12996: Restrict this search to domain objects.
Andrew Bartlett
(This used to be commit 4d69eae382)
2007-10-10 13:51:15 -05:00
Andrew Bartlett
c96b572386 r12943: Generate a SID for the domain join account using the modules, rather
than a hardcoded SID.

Fix the samldb module to return what *was* the nextrid, rather
than the new nextrid (that is for next time).

Andrew Bartlett
(This used to be commit ffe9042e15)
2007-10-10 13:51:11 -05:00
Andrew Bartlett
87625070be r12895: Error strings save lives.
err, they save time at least.  The correct use of an error string in
this case quickly pinpointed an overzealous check, and saved me hours
of painful debugging.

Andrew Bartlett
(This used to be commit 26946c90e8)
2007-10-10 13:50:59 -05:00
Andrew Bartlett
0b3fb7e04d r12860: Remove unused function. (we handle this in the password_hash module).
Andrew Bartlett
(This used to be commit daa4b76800)
2007-10-10 13:50:54 -05:00
Jelmer Vernooij
0b3deb20de r12851: Fix some typos
(This used to be commit 61ae77beec)
2007-10-10 13:50:53 -05:00
Stefan Metzmacher
91a37f02dd r12842: don't include system headers directly
metze
(This used to be commit 976052c656)
2007-10-10 13:50:05 -05:00
Andrew Bartlett
4f06be6123 r12818: When denying an operation, include what we think the username is in
the error message.

Andrew Bartlett
(This used to be commit 36c1f67f12)
2007-10-10 13:50:01 -05:00
Stefan Metzmacher
874c9b71b7 r12773: - remove unused variable, fix the build with some old compilers
metze
(This used to be commit 1253784c92)
2007-10-10 13:49:53 -05:00
Simo Sorce
bdc7d03c9c r12769: Make ldb_next_request() evident, I was much confused on first sight
Simo.
(This used to be commit 2f0c7b8962)
2007-10-10 13:49:52 -05:00
Andrew Bartlett
1162b37ff0 r12763: Oops. If you call ldb_search from within an ldb module's search
request handler, you really have to watch the recursion issues...

Andrew Bartlett
(This used to be commit 46628e86a2)
2007-10-10 13:49:51 -05:00
Andrew Bartlett
8c9d212f2a r12762: Simo correctly asked that the policy logic (which attributes contain
passwords) be moved into the database, and not be hard-coded in the
module source.

Andrew Bartlett
(This used to be commit 1fbe09ce81)
2007-10-10 13:49:51 -05:00
Andrew Bartlett
a8eec31354 r12746: An initial version of the kludge_acls module.
This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:

- SYSTEM and Administrators can read all.

- Users and anonymous cannot read passwords, can read everything else

- list of 'password' attributes is hard-coded

Most of the difficult work in this was fighting with the C/js
interface to add a system_session() call, as it still doesn't get on
with me :-)

Andrew Bartlett
(This used to be commit be9d0cae89)
2007-10-10 13:49:48 -05:00
Simo Sorce
dbef4d76de r12743: Remove the ugly way we had to make a second stage init and introduce
a second_stage_init private function for modules that need a second stage init.

Simo.
(This used to be commit 5e8b365fa2)
2007-10-10 13:49:48 -05:00
Simo Sorce
c908d0b2aa r12733: Merge ldap/ldb controls into main tree
There's still lot of work to do but the patch is stable
enough to be pushed into the main samba4 tree.

Simo.
(This used to be commit 77125feaff)
2007-10-10 13:49:47 -05:00
Andrew Bartlett
ff90c1c5c3 r12720: By metze's request, rename the ntPwdHistory attribute to
sambaNTPassword.  Likewise lmPwdHistory -> sambaLMPwdHistory.

The idea here is to avoid having conflicting formats when we get to
replication.  We know the base data matches, but we may need to use a
module to munge formats.

Andrew Bartlett
(This used to be commit 8e608dd4bf)
2007-10-10 13:49:45 -05:00
Andrew Bartlett
4bfe2907e7 r12719: Rename unicodePwd -> sambaPassword.
Because we don't know the syntax of unicodePwd, we want to avoid using
that attribute name.  It may cause problems later when we get
replication from Windows.

I'm doing this before the tech preview, so we don't get too many
surprises as folks upgrade databases into later versions.

Andrew Bartlett
(This used to be commit 097d9d0b7f)
2007-10-10 13:49:45 -05:00
Andrew Bartlett
5cea3edcef r12716: Tridge points out that the request argument to ldb_next_request must
be a valid talloc() pointer, as other modules may rely on this.

Andrew Bartlett
(This used to be commit 356c8c5609)
2007-10-10 13:49:44 -05:00
Andrew Bartlett
097ffed015 r12687: Push the real list of supported GENSEC mechanisms out on
supportedSASLMechanism in the rootdse.  (Second half of a patch
committed earlier today).

Andrew Bartlett
(This used to be commit 4b67b5d688)
2007-10-10 13:49:38 -05:00
Jelmer Vernooij
bc4aebfaec r12670: Make a couple of dependencies stricter
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40)
2007-10-10 13:49:35 -05:00
Jelmer Vernooij
3b99d9c5bd r12658: Couple of fixes related to shared module builds.
(This used to be commit c297c93faf)
2007-10-10 13:49:35 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Andrew Bartlett
c82c9fe7bb r12599: This new LDB module (and associated changes) allows Samba4 to operate
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).

The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code.  We also update the msDS-KeyVersionNumber, and the password
history.  This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.

By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic.  (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB.  This simplifies the KDC code.).

It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e902274321)
2007-10-10 13:49:01 -05:00
Andrew Bartlett
1c027f35d7 r12598: Make the 'objectClass' part of the templating process actually work.
We need to add to the multivalued objectClass, not ignore it because
the user has already specified a value.

Also rename the template again.

This was caught by more stringent tests in the unicodePwd module, but
breaks MMC.  A later commit will sort the objectClass.

Andrew Bartlett
(This used to be commit 0aaff059ba)
2007-10-10 13:49:01 -05:00
Jelmer Vernooij
46aa296cc9 r12592: Remove some useless dependencies
(This used to be commit ca8db1a0cd)
2007-10-10 13:49:00 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to separate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Jelmer Vernooij
d8e35f8828 r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
2007-10-10 13:47:45 -05:00
Andrew Bartlett
77f4910b57 r12427: Move SAMR CreateUser2 to transactions, and re-add support for
different computer account types.  (Earlier code changes removed the
BDC case).

We don't use the TemplateDomainController, so just have a
TemplateServer in provision_templates.ldif

Andrew Bartlett
(This used to be commit c4520ba2e6)
2007-10-10 13:47:37 -05:00
Andrew Bartlett
da46c762af r12382: Ensure to return OK on anonymous mapping.
Andrew Bartlett
(This used to be commit d61817ebb7)
2007-10-10 13:47:33 -05:00
Andrew Bartlett
631a7c5cdd r12381: Try not to segfault on an anonymous LDAP bind, and map to a guest login.
Andrew Bartlett
(This used to be commit 5ac4178e36)
2007-10-10 13:47:32 -05:00
Andrew Tridgell
636dbb355b r12363: minor fixes for win2000 join/login
- the objectClass needs to be added to the list of attributes to make
   the check for objectClass=computer work

 - the short version of the name needs to be used for the 'cn' in
   cracknames
(This used to be commit 53f0fb77c3)
2007-10-10 13:47:31 -05:00
Andrew Bartlett
bceca72304 r12361: Add a new function: ldb_binary_encode_string()
This is for use on user-supplied arguments to printf style format
strings which will become ldb filters.  I have used it on LSA, SAMR
and the auth/ code so far.

Also add comments to cracknames code.

Andrew Bartlett
(This used to be commit 8308cf6e04)
2007-10-10 13:47:30 -05:00
Andrew Bartlett
6bd8be8671 r12360: Add simple bind support into our LDAP server.
Needs changes to our client code for automated testing.

Andrew Bartlett
(This used to be commit e751d81414)
2007-10-10 13:47:30 -05:00
Andrew Bartlett
a1827a1deb r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to an authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee)
2007-10-10 13:47:22 -05:00
Volker Lendecke
078ae0f897 r12161: Fix a memleak and do the -O1 janitor :-)
(This used to be commit 82d87d6261)
2007-10-10 13:47:16 -05:00
Andrew Tridgell
7e6a90d6b8 r12156: added samdb_domain_sid(), a routine to get the domain sid by looking
up the rootDomainNamingContext in the rootdse, then getting the
objectsid from the root of the domain
(This used to be commit 152590101e)
2007-10-10 13:47:15 -05:00
Tim Potter
03d301ead5 r11967: Fix more 64-bit warnings.
(This used to be commit 9c4436a124)
2007-10-10 13:46:52 -05:00
Andrew Tridgell
6eabad9c9d r11958: - fixed memory leaks in the ldb_result handling in ldb operations
- removed an unnecessary level of pointer in ldb_search structure
(This used to be commit b8d4afb14a)
2007-10-10 13:46:51 -05:00
Andrew Tridgell
b77685a4ae r11957: fixed up code meant for debugging
(This used to be commit 8ca8584257)
2007-10-10 13:46:51 -05:00
Andrew Tridgell
7b1850a411 r11952: added a rootdse module. This will replace the existing rootdse code in
the ldap server. The reason for the change is that ldb modules need
some way to get at the static info stored in the rootDSE (such as the
location of the schema) but they can't do that right now
(This used to be commit 7e226383f2)
2007-10-10 13:46:50 -05:00
Andrew Tridgell
9a52d1a467 r11592: fixed a crash bug from the ldb_result changes (res was being used after being freed)
(This used to be commit 5c7f3fef3e)
2007-10-10 13:45:55 -05:00
Simo Sorce
5c95905871 r11567: Ldb API change patch.
This patch changes the way ldb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.

I tried to keep the patch as tiny as possible but as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.

Simo.
(This used to be commit 22c8c97e6f)
2007-10-10 13:45:53 -05:00
Andrew Bartlett
256a872763 r11356: More cracknames work. This copes with a lookup for a
servicePrincipalName with a realm, which always returns 'domain only',
with the realm as the domain.

Andrew Bartlett
(This used to be commit 476cd0c649)
2007-10-10 13:45:23 -05:00
Andrew Bartlett
489ad64cad r11339: Fix the build by adding the serviceprincipal name cracknames helper.
Andrew Bartlett
(This used to be commit 0a5bf9348a)
2007-10-10 13:45:21 -05:00
Jelmer Vernooij
8ee1ee66ed r11303: Support defining and installing public headers for libraries.
Support installing libraries.
Get rid of pkg-config file (will be autogenerated later on).
(This used to be commit b4745032a2)
2007-10-10 13:45:16 -05:00
Andrew Bartlett
db4b95827e r11270: Move the core CrackNames code from rpc_server/drsuapi to dsdb/samdb.
I'm sure this will not be the final resting place, but it will do for
now.

Use the cracknames code in auth/ for creating a server_info given a
principal name only (should avoid assumptions about splitting a
user@realm principal).

Andrew Bartlett
(This used to be commit c9d5d8e45d)
2007-10-10 13:45:11 -05:00
Jelmer Vernooij
4c5a4a7e02 r11244: Relative path names in .mk files
(This used to be commit 24e1030090)
2007-10-10 13:45:06 -05:00
Jelmer Vernooij
f4d590662e r11214: Remove scons files (see http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c917)
2007-10-10 13:45:03 -05:00
Stefan Metzmacher
cffd522b5c r11052: bring samba4 uptodate with the samba4-winsrepl branch,
before the bad merge

metze
(This used to be commit 471c0ca4ab)
2007-10-10 13:44:43 -05:00
Stefan Metzmacher
2ecb46d595 r11037:
(This used to be commit 6913e33840)
2007-10-10 13:42:33 -05:00
Andrew Tridgell
33da2fabe6 r10914: moved the ldap time string functions into ldb so they can be used by
the time attribute handling functions
(This used to be commit 93c296d527)
2007-10-10 13:39:42 -05:00
Andrew Tridgell
a599edf04c r10913: This patch isn't as big as it looks ...
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately that required a lot of casts :-(

I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes

In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now it's just a
pain to pass around everywhere.

Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecc)
2007-10-10 13:39:41 -05:00
Andrew Tridgell
860ffba4e1 r10897: added in a hackish ldb proxy module that I am using to experiment with
mmc management support
(This used to be commit 99a5b08881)
2007-10-10 13:39:41 -05:00
Andrew Tridgell
36d73b0e71 r10894: make the handling of dn/distinguishedName much closer to real
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f)
2007-10-10 13:39:40 -05:00
Andrew Bartlett
1377cca5f4 r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB.  This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.

Along the way, I cleaned up a few things, and added new helper functions
to assist.  In particular the LSA pipe uses simpler queries for some of
the setup.

In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.

I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.

Andrew Bartlett
(This used to be commit fd7203789a)
2007-10-10 13:39:32 -05:00
Andrew Bartlett
5e0fd505ab r10791: Add copyright, fix comments (this isn't the timestamps module any more)
Andrew Bartlett
(This used to be commit efdc6d834a)
2007-10-10 13:39:29 -05:00
Andrew Tridgell
78d0e79c9f r10759: make modules easier to write by allowing modules to only implement the
functions they care about, instead of all functions. This also makes
it more likely that future changes to ldb will not break existing
modules
(This used to be commit 45f0c967b5)
2007-10-10 13:39:27 -05:00
Andrew Tridgell
5fd031c97d r10753: don't require every ldb module to implement both a search_bytree() and
a search() function, instead each module now only implements the
bytree method, and the expression based search is handled generically
by the modules code. This makes for more consistency and less code
duplication.

fixed the tdb backend to handle BASE searches much more
efficiently. They now always only lookup one record, regardless of the
search expression
(This used to be commit 7e44f9153c)
2007-10-10 13:39:26 -05:00
Jelmer Vernooij
5058f4b9e8 r10586: Add MergedObject() builder. Default to Library() rather
than StaticLibrary()
(This used to be commit b53313dc51)
2007-10-10 13:39:08 -05:00
Tim Potter
6b73c29bb7 r10497: Export the list of dsdb ldb modules.
(This used to be commit e88f5f423f)
2007-10-10 13:38:56 -05:00
Jelmer Vernooij
3d4ea18d4d r10478: More work on proto headers; we now generate a couple of smaller ones
that are then included by include/proto.h
(This used to be commit 703ffbaaac)
2007-10-10 13:38:52 -05:00
Simo Sorce
63b43dd12f r10477: expose transactions outside ldb and change the API once more
do not autostart transactions on ldb operations if a transaction is already in place
test transactions on winsdb

all my tests pass so far
tridge please confirm this is ok for you
(This used to be commit c2bb2a36bd)
2007-10-10 13:38:52 -05:00
Andrew Tridgell
37cefc8b41 r10411: we don't need the 10 times retry on rid allocation now, as
transactions ensure two account creations can't interfere with each
other
(This used to be commit 91c27bc976)
2007-10-10 13:38:42 -05:00
Jelmer Vernooij
6812c73534 r10348: Add scons scripts for remaining subsystems. Most subsystems build now,
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b9)
2007-10-10 13:38:30 -05:00
Jelmer Vernooij
5b02ee9b9d r10336: Add sconscript for a couple more subsystems.
(This used to be commit 59d4450453)
2007-10-10 13:38:29 -05:00
Simo Sorce
3d7935e656 r10306: change these modules to use new error API
(This used to be commit e86c9b4a7f)
2007-10-10 13:38:16 -05:00
Simo Sorce
4f85004da5 r10300: forgot to change the dsdb modules function names
(This used to be commit e9018e3d9f)
2007-10-10 13:38:15 -05:00
Tim Potter
3caab0a64d r9992: More fixes from the 64-bit warning police.
(This used to be commit cda829f0d9)
2007-10-10 13:36:27 -05:00
Andrew Bartlett
9b905c9f27 r9930: Use a single samdb_base_dn() function rather than lots of silly
searches all over the place.

This can be extended to cover an NT4 (no ADS) mode in future as well.

Andrew Bartlett
(This used to be commit 0761b22f99)
2007-10-10 13:36:23 -05:00
Jelmer Vernooij
08f630be82 r9915: Some more mappings. Fix weird sAMAccountName values.
(This used to be commit 8ff1358f40)
2007-10-10 13:36:21 -05:00
Jelmer Vernooij
ca6c0af86f r9908: Generate posixUser and posixGroup as well
(This used to be commit ebed25b47d)
2007-10-10 13:36:21 -05:00
Jelmer Vernooij
e2e2508b58 r9899: Be more conservative about what is sent to the remote server in ldb_map.
(This used to be commit 76e943d441)
2007-10-10 13:36:21 -05:00
Tim Potter
23f68eda42 r9883: More nested initialiser fixes.
(This used to be commit 579d111478)
2007-10-10 13:36:20 -05:00
Jelmer Vernooij
b19cc95a88 r9849: Extend testsuite a bit more.
(This used to be commit 5cbe1e6b70)
2007-10-10 13:36:17 -05:00
Jelmer Vernooij
222fdd5237 r9842: More error checks in the ldb_map modules, extend testsuite
(This used to be commit b7992de4b7)
2007-10-10 13:36:17 -05:00
Jelmer Vernooij
84bfcd3c78 r9835: Make ldb_map compile in the stand-alone LDB build
(This used to be commit 2283a336e0)
2007-10-10 13:36:17 -05:00
Jelmer Vernooij
6cf1b0c07c r9793: Be more verbose, check for errors in upgrade script.
(This used to be commit b7c09df9e5)
2007-10-10 13:35:02 -05:00
Jelmer Vernooij
f9447d2a17 r9786: Move ldb_map into ldb/modules/
Move samba3sam to dsdb/
(This used to be commit eb9d615bcd)
2007-10-10 13:35:01 -05:00
Jelmer Vernooij
584f3aeb7e r9768: Arrrgh.. Right this time.
(This used to be commit 8bded3fc92)
2007-10-10 13:34:58 -05:00
Jelmer Vernooij
2f6fd1d45c r9767: Fix typo
(This used to be commit 0602e8b3e7)
2007-10-10 13:34:58 -05:00
Simo Sorce
61aaf82b62 r9654: introduce the samdb_search_dn call
(This used to be commit 333ebb40d5)
2007-10-10 13:34:38 -05:00
Simo Sorce
3e4c4cff21 r9391: Convert all the code to use struct ldb_dn to handle ldap like distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b779)
2007-10-10 13:33:32 -05:00
Simo Sorce
b59bbe3fec r9385: Remove unused functions
(This used to be commit fac8ff6237)
2007-10-10 13:33:31 -05:00
Stefan Metzmacher
3be75a4c6d r9240: - move struct security_token to the idl file, with this we can
the ndr_pull/push/print functions for it in the ntacl-lsm module

- fix compiler warnings in the ldap_encode_ndr_* code

metze
(This used to be commit 83d65d0d7e)
2007-10-10 13:31:37 -05:00
Stefan Metzmacher
ede70c80e8 r9208: fix a crash bug
metze
(This used to be commit f8a25ac239)
2007-10-10 13:31:31 -05:00
Jelmer Vernooij
6553dd0c60 r8811: Fix the build..
(This used to be commit fac77f5fa2)
2007-10-10 13:30:07 -05:00
Rafal Szczesniak
ebb76f84ad r8810: Fix missing headers. Still doesn't fix the build but getting closer there.
rafal
(This used to be commit bc638cc3d6)
2007-10-10 13:30:07 -05:00
Andrew Bartlett
0b7a387831 r8791: (missing from previous commit)
Add templating support for foreignSecurityPrincipal to the samdb
module.

Andrew Bartlett
(This used to be commit 5f51d806d7)
2007-10-10 13:30:06 -05:00
Andrew Bartlett
a7f9d9c5b8 r8740: Extend the rdn_name module to handle adding the rdn as an attribute. ie:
dn: cn=foo,ou=bar
objectClass: person

implies

dn: cn=foo,ou=bar
objectClass: person
cn: foo
(as well as a pile more default attributes)

We also correct the case in the attribute to match that in the DN
(win2k3 behaviour) and I have a testsuite (in ejs) to prove it.

This module also found a bug in our provision.ldif, so and reduces
code complexity in the samdb module.

Andrew Bartlett
(This used to be commit 0cc58f5c3c)
2007-10-10 13:30:00 -05:00
Andrew Tridgell
f1418f62ee r8715: - revert the %PRIi64 stuff. Tim, we explicitly check for %llu support
in configure, and replace snprintf if the system doesn't support
  it. Our replacement code does not handle the "%PRIi64" stuff, so
  using it would break us on lots of platforms

- fixed constant array initialisers to work on HPUX.
(This used to be commit c6bae3e87e)
2007-10-10 13:29:58 -05:00
Tim Potter
ab4f3a663b r8714: Oops - get it right this time!
(This used to be commit 1d2b708da6)
2007-10-10 13:29:58 -05:00
Tim Potter
a33c02612a r8713: Experiment to try and fix warnings on 64-bit machines without breaking
32-bit ones.  Yes, these weird looking macros are part of C99.
(This used to be commit 7b316f119b)
2007-10-10 13:29:57 -05:00
Andrew Bartlett
d3a2b03f76 r8674: With the rdn_name module, we don't need this duplication in the samdb
module any more.

Andrew Bartlett
(This used to be commit da48e77e7c)
2007-10-10 13:29:53 -05:00
Andrew Bartlett
4396d0d148 r8669: The objectguid module belongs in Samba's ldb module collection, not in
ldb, as it can't build without the NDR and GUID code.

Also make it properly use the NDR encoding for the GUID (I forgot last
time, and used a string), as well as set the dependencies on the
module correctly.

Andrew Bartlett
(This used to be commit 8054abc76e)
2007-10-10 13:29:52 -05:00
Andrew Bartlett
c7204bd985 r8666: The same fix as the last commit, I was caught out on a move from a
BOOL to int function return.

Andrew Bartlett
(This used to be commit e03e00fe60)
2007-10-10 13:29:51 -05:00
Andrew Bartlett
c2f9eb30cd r8664: I got caught out not testing...
I replaced these function calls, and they went from BOOL to int return
values, so naturally failed.

Andrew Bartlett
(This used to be commit 1982fdb6f3)
2007-10-10 13:29:51 -05:00
Andrew Bartlett
8191f2cc80 r8663: Since simo constructed the samdb module, he and tridge have worked on
a DN parsing system.  Leverage that in the dsdb module.

Andrew Bartlett
(This used to be commit 2408f32276)
2007-10-10 13:29:51 -05:00
Andrew Bartlett
6173fad231 r8660: Use templates for the initial provision of user and computer accounts.
This ensures the templating code is used, and also makes it clearer
what I need to duplicate in the vampire area.

Also fix a silly bug in the template application code (the samdb
module) that caused templates to be completely unused (my fault, from
my commit last night).

Andrew Bartlett
(This used to be commit 4a8ef7197f)
2007-10-10 13:29:51 -05:00
Andrew Bartlett
24d2107324 r8650: Use the timestamps and a new objectguid module rather than placing
boilerplate attributes in every entry in provision.ldif.

The next step will be to use templates.

Andrew Bartlett
(This used to be commit 940ed9827f)
2007-10-10 13:29:50 -05:00
Andrew Tridgell
139e43bf9c r8568: change missing templates to warnings, so that provisioning with an existing db
doesn't print lots of fatal errors
(This used to be commit d8d47bb18f)
2007-10-10 13:29:39 -05:00
Andrew Tridgell
e835621799 r8520: fixed a pile of warnings from the build farm gcc -Wall output on
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.

The main fixes are:

 - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats

 - use of NULL format statements to perform dn searches.

 - assumption that sizeof() returns an int
(This used to be commit a58ea6b385)
2007-10-10 13:29:34 -05:00
Volker Lendecke
3e0aa2e756 r8321: Fix some uninitialized variable warnings
(This used to be commit 126cb3db4b)
2007-10-10 13:20:06 -05:00
Stefan Metzmacher
5a176571d8 r8224: - add objectGUID ldif_handler
- fix some compiler warnings

metze
(This used to be commit e6c39241bf)
2007-10-10 13:19:21 -05:00
Andrew Tridgell
e83fb4fa1b r7925: small tidyup (please keep lines at a reasonable length)
(This used to be commit 0bfd91c32a)
2007-10-10 13:18:51 -05:00
Andrew Tridgell
d60b11c1f0 r7864: fixed some const bugs
(This used to be commit 616f54015f)
2007-10-10 13:18:44 -05:00
Andrew Tridgell
bdee131f30 r7860: switch our ldb storage format to use a NDR encoded objectSid. This is
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.

metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so it's fair that I have the pain of fixing all the
code now :-)

This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:

 - the ltdb index records need to use the string form of the objectSid
   (to keep the DNs sane). Until that is done I have disabled indexing on
   objectSid, which is a big performance hit, but allows us to pass
   all our tests while I rejig the indexing system to use an externally
   supplied conversion function

 - I haven't yet put in place the code that allows client to use the
   "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
   supports this, presumably by looking for the "S-" prefix to
   determine what type of objectSid form is being used by the client. I
   have been working on ways to handle this, but am not happy with
   them yet so they aren't part of this patch

 - I need to change pidl to generate push functions that take a
   "const void *" instead of a "void*" for the data pointer. That will
   fix the couple of new warnings this code generates.

Luckily in many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8d)
2007-10-10 13:18:44 -05:00
Andrew Tridgell
f0c1c51334 r7783: the whenChanged attribute is now handled by the timestamps module, and
should not be handled here as well. I had to remove it from here as it
was buggy anyway (it wasn't setting the modify flags, thus making an
invalid ldb_modify() request)
(This used to be commit f267e9d5b7)
2007-10-10 13:18:36 -05:00
Andrew Tridgell
a40d966ff5 r7763: fixed some circular dependencies
(This used to be commit 3bdf89b0f7)
2007-10-10 13:18:32 -05:00
Simo Sorce
4864c329c4 r7615: fix the build and simplify gendb_search_dn
(This used to be commit b38bb63175)
2007-10-10 13:18:14 -05:00
Simo Sorce
9189833a87 r7582: Better way to have a fast path searching for a specific DN.
Old way was ugly and had a bug, you couldn't add an attribute named
dn or distinguishedName and search for it, tdb would change that search in a dn search.
This makes it also possible to search by dn against an ldap server as the old method was
not supported by ldap syntaxes.

sss
(This used to be commit a614466dec)
2007-10-10 13:18:11 -05:00
Andrew Tridgell
4b0e5bd753 r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree
instead of a search expression. This allows our ldap server to pass
  its ASN.1 parsed search expressions straight to ldb, instead of going
  via strings.

- updated all the ldb modules code to handle the new interface

- got rid of the separate ldb_parse.h now that the ldb_parse
  structures are exposed externally

- moved to C99 structure initialisation in ldb

- switched ldap server to using ldb_search_bytree()
(This used to be commit 96620ab2ee)
2007-10-10 13:18:06 -05:00
Simo Sorce
fe4d985b6f r6470: Remove ldb_search_free() it is not needed anymore.
Just use talloc_free() to release the memory after an ldb_search().
(This used to be commit 4f0948dab0)
2007-10-10 13:11:40 -05:00
Simo Sorce
5487ee5e9c r6084: - Introduce the samldb module dependency on samba4
- This module will take care of properly filling a user or group object
  with required fields. You just need to provide the dn and the objectclass
  and a user/group get created

  Simo.
(This used to be commit fb9afcaf53)
2007-10-10 13:11:18 -05:00
Andrew Bartlett
79f6bcd5ae r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.

This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.

In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v().  The vast majority of this patch is the simple
rename that followed,

(Depending on the whole SAMDB for just this function seemed pointless,
and brought in further dependencies, such as smbencrypt.c).

Andrew Bartlett
(This used to be commit e13c671619)
2007-10-10 13:11:12 -05:00
Simo Sorce
7d7aacc347 r5588: We currently use a string representing a hex number, so conform to that.
But we should move to a signed integer in future to be AD compatible.
(This used to be commit b67512c513)
2007-10-10 13:10:55 -05:00
Simo Sorce
625a2673c1 r5587: more work around the samldb module
fix the provision.ldif the layout of the @MODULES dn has changed since last commit
(This used to be commit acb99e63d4)
2007-10-10 13:10:55 -05:00
Simo Sorce
b1b14817ea r5585: LDB interfaces change:
changes:
- ldb_wrap disappears from code and becomes a private structure of db_wrap.c
  thanks to our move to talloc in ldb code, we do not need to expose it anymore

- removal of ldb_close() function from the code
  thanks to our move to talloc in ldb code, we do not need it anymore
  use talloc_free() to close and free an ldb database

- some minor updates to ldb modules code to cope with the change and fix some
  bugs I found out during the process
(This used to be commit d58be9e74b)
2007-10-10 13:10:55 -05:00
Simo Sorce
d2dc86994e r5584: add new experimental ldb module
(This used to be commit e77a070c84)
2007-10-10 13:10:55 -05:00
Andrew Tridgell
a0e6f6c05b r5309: removed ads.h from includes.h
(This used to be commit 196c45b834)
2007-10-10 13:09:40 -05:00
Andrew Tridgell
a5bd1ccada r5307: removed db_wrap.h from includes.h
(This used to be commit 826baec7b3)
2007-10-10 13:09:40 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Andrew Bartlett
1be1d8046d r4766: Add another useful helper function: samdb_msg_set_value()
Andrew Bartlett
(This used to be commit a43f7392f7)
2007-10-10 13:08:51 -05:00
Andrew Bartlett
c0571f6234 r4698: - Initial implementation of trusted domains in LSA.
- Use templates for Secrets and the new trusted domains

 - Auto-add modifiedTime, createdTime and objectGUID to records in the
   samdb layer.

Andrew Bartlett
(This used to be commit 271c8faadf)
2007-10-10 13:08:44 -05:00
Andrew Bartlett
0a0dbc37f3 r4679: Remove the void* from samdb. We now use structures without full
declarations all the time, and the structure the void* is hiding here
is even a declared one, so there is no excuse.  This also causes the
compiler to warn on bugs.

Andrew Bartlett
(This used to be commit f40e794902)
2007-10-10 13:08:42 -05:00
Stefan Metzmacher
fd4831f1f0 r4650: - make more use of bitmap and enum's
- move some structs out of misc.idl

metze
(This used to be commit b6543a6e30)
2007-10-10 13:08:39 -05:00
Andrew Tridgell
11ce2cfd70 r4591: - converted the other _p talloc functions to not need _p
- added #if TALLOC_DEPRECATED around the _p functions

- fixes the code that broke from the above

while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0)
2007-10-10 13:08:30 -05:00
Stefan Metzmacher
1ec6416a35 r4568: make use of SidType and move it to lsa.idl
metze
(This used to be commit c2523adc0a)
2007-10-10 13:08:28 -05:00
Andrew Tridgell
ddc10d4d37 r4549: got rid of a lot more uses of plain talloc(), instead using
talloc_size() or talloc_array_p() where appropriate.

also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b5354)
2007-10-10 13:08:25 -05:00
Andrew Tridgell
cc55aef7c1 r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call.
- cleaned up some talloc usage in various files

I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f)
2007-10-10 13:08:20 -05:00
Stefan Metzmacher
a4fc930235 r4532: - rename bitmap -> bits
the next commit is support for typedef bitmap {...}; in pidl

metze
(This used to be commit bd06a85cb7)
2007-10-10 13:08:19 -05:00
Andrew Tridgell
500d5523d2 r4475: fixed smbd to work with the small changes in the ldb API (the most important
change was in the ldb_msg_add_*() routines, which now use the msg as a context,
and thus it needs to be a talloc ptr)
(This used to be commit 1a4713bfd0)
2007-10-10 13:07:55 -05:00
Stefan Metzmacher
b5b1c52a98 r4419: move security_token stuff to the libcli/security/
and debug privileges

metze
(This used to be commit c981808ed4)
2007-10-10 13:07:47 -05:00
Volker Lendecke
8da7a60557 r4414: Various bits&pieces:
* Implement samr_search_domain, filter out all elements with no "objectSid"
  attribute and all objects outside a specified domain sid.

* Minor cleanups in dcerpc_samr.c due to that.

* Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe
  one step further.

* Same for samr_info_DomInfo1.

Volker
(This used to be commit cdec896113)
2007-10-10 13:07:46 -05:00
Volker Lendecke
e14a5a9167 r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and
samr_GetMembersInAlias.

Volker
(This used to be commit 78802720ae)
2007-10-10 13:07:40 -05:00
Volker Lendecke
77529ae792 r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and
samr_QueryGroupMember.

Volker
(This used to be commit 43581c3711)
2007-10-10 13:07:39 -05:00
Volker Lendecke
61b1620fc4 r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there
enough stuff to do in 3_0??? ;-)

Volker
(This used to be commit c0fa7a92d9)
2007-10-10 13:07:35 -05:00
Andrew Tridgell
adbdb055ee r4151: added privilege attribute handling on samdb.
pvfs will now honor some privileges on ACLs, and it will be quite easy
to add the checks for more privileges in the necessary places, by
making calls to sec_privilege_check().
(This used to be commit 3549039d0f)
2007-10-10 13:07:19 -05:00
Stefan Metzmacher
436732e1ed r4097: add missing file from last commit
sorry!:-)

metze
(This used to be commit c2495d60a1)
2007-10-10 13:06:26 -05:00
Stefan Metzmacher
8d0c3eefbc r4096: move the samdb code to source/dsdb/
the idea is to have a directory service db layer
which will be used by the ldap server, samr server, drsuapi server
authentication...

I plan to make different implementations of this interface possible
- current default will be the current samdb code with sam.ldb
- a compat implementation for samba3 (if someone wants to write one)
- a new dsdb implementation which:
  - understands naming contexts (directory partitions)
  - do schema and acl checking
  - maintain objectGUID, timestamps and USN number,
    maybe linked attributes ('member' and 'memberOf' attributes)
  - store metadata on an attribute=value combination...

metze
(This used to be commit 893a8b8bca)
2007-10-10 13:06:26 -05:00